Improving Multitasking DBMS Fuzzing With More Accurate Coverage and Testcase Trimming

Authors: Li, Jiaqi; Zhou, Yajin; Wu, Lei

Author affiliation: Zhejiang Univ Coll Comp Sci & Technol Hangzhou 310027 Peoples R China

Publication: IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING (IEEE Trans. Dependable Secure Comput.)

Year, volume, issue: 2025, Vol. 22, No. 3

Pages: 2756-2770

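Subject classification: 0808 [Engineering - Electrical Engineering]; 08 [Engineering]; 0835 [Engineering - Software Engineering]; 0812 [Engineering - Computer Science and Technology (degrees may be conferred in Engineering or Science)]

Funding: National Key R&D Program of China [2022YFE0113200]; National Natural Science Foundation of China (NSFC) [U21A20464]

Subjects: Fuzzing Computer bugs Accuracy Security Image edge detection Instruments Testing Target tracking Servers Prototypes Database testing tools coverage tracking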

Abstract: Coverage-guided fuzzing is prevalent in detecting DBMS (Database Management System) bugs. However, current coverage-guided DBMS fuzzers suffer from two limitations that prevent fuzzers from discovering bugs efficiently. First, the coverage feedback is imprecise which prevents fuzzers from making optimal decisions on fuzzing strategies. Second, DBMS fuzzers lack testcase trimming to control the increasing input sizes. The large input size makes DBMS execution slower and reduces the likelihood that a mutation would touch important structures. In this paper, we proposed corresponding methods to overcome these limitations. Specifically, the work-task coverage tracking and unstable edge filtering improve the coverage accuracy with low instrumentation overhead. Based on more accurate coverage, we further propose testcase trimming to improve the speed of bug detection. We implemented a prototype named Tuzz and evaluated it on three popular DBMSs. The evaluation result shows that Tuzz explores 16.3%, 26.1%, and 26.6% more edges than the state-of-the-art fuzzer in PostgreSQL, MySQL, and MariaDB, respectively. More importantly, Tuzz has discovered 10 and 4 previously unknown bugs in MySQL and MariaDB.
